Presentation Title. Helping Practices Achieve Success through Shared Knowledge


1 Presentation Title Helping Practices Achieve Success through Shared Knowledge

2 Featured Panelists Michele Madison, Partner at Morris, Manning, and Martin, LLP Ms. Madison is highly experienced with the HITECH rules and has been helping clients navigate healthcare laws for nearly 14 years. She will discuss legislative changes affecting Business Associates and how they affect the Covered Entities. Dr. Paige Joyner, CEO at Compliance +, LLC Dr. Paige Joyner is a known expert on HIPAA Privacy & Security regulations. She will walk you through what is required in a Privacy & Security Manual. Deborah Frazier, Healthcare IT Support Manager at BlueWave Computing Deborah Frazier developed the Healthcare Compliance Program at BlueWave Computing. As a Business Associate, she will discuss the steps on how to ensure your Business Associates are meeting the requirements and how to identify if they are a threat to your PHI.

3 The New Rules for Business Associates

4 The American Recovery and Reinvestment Act of 2009: Stimulus Act Changes to Business Associates Presented By: Michele Madison

5 Polling Question How familiar are you with the new Business Associate Rules under HITECH? Not at all Somewhat informed Very informed

6 Expanded Business Associates Each organization that provides data transmission of Protected Health Information to such entity or its Business Associate and that requires access on a routine basis to such Protected Health Information, such as a Health Information Exchange Organization, Regional Health Information Organization, E-prescribing, Gateway, or each vendor that contracts with a Covered Entity to allow that Covered Entity to offer a personal health record to patients as part of its electronic health record and it is required to enter into a Business Associate Agreement.

7 Increased Application and Enforcement Business Associates are now directly subject to specific requirements Penalties directly apply to Business Associates Increased Penalties Enhanced Enforcement Activities

8 Application of Privacy Provisions and Penalties to BA Additional requirements that relate to privacy and security are now applicable to Business Associate. Include provisions in Business Associate Agreement: Administrative Safeguards Physical Safeguards Technical Safeguards Civil and Criminal Penalties apply to Business Associate.

9 Criminal Penalties Covered Entities should be aware of the additional Penalties and the Enforcement Activities: Enhanced Criminal Penalties Willful neglect standard Additional funding for Enforcement Activities. In 3 years, the individual harmed may receive a % of the CMP collected from the offense.

10 Penalty Tiered Increase Minimal levels of Penalties based on Intent: $100 - $25,000 - Person did not know and would not have known $1,000 - $100,000 - Reasonable cause and not willful neglect $10,000 - $250,000 - Willful neglect $50,000 - $1,500,000 - Willful neglect and not corrected

11 State Attorney General Permits civil actions on behalf of patients. May enjoin the actions; and Obtain damages not to exceed $25,000 annually. Attorneys' fees may be recovered by State.

12 Polling Question This Question is for Covered Entities: How much does this information affect which vendors you do business with? Greatly affects it Somewhat affects it Does not affect it at all

13 Notification

14 Security and Notice Requirements Security provisions of HIPAA now apply to a Business Associate of a Covered Entity in the same manner that such sections apply to the Covered Entity. Business associates subject to same penalties as Covered Entities. Also applies to vendors of personal health records. Covered Entities and Business Associates must track and notify individuals when their unprotected information has been put at risk through a security breach by September 16, Policy of empowering the individual with understanding where individual's information accessed in unauthorized manner. Secretary will consult with stakeholders and issue guidance on the most effective and appropriate technical safeguards. Initial guidance to be issued within 60 days after enactment of the HITECH Act (by April 19, 2009). These are to be updated annually.

15 Security and Notice Requirements Applies to any Covered Entity or BA/vendor that: Accesses, maintains, retains, modifies, records, stores, destroys or otherwise holds, uses, or discloses unsecured protected health information. Applies directly to vendors, regardless of whether a business associate agreement is executed.

16 Security and Notice Requirements Obligation to notify triggers upon discovery of a breach: Discovery determined to be the first day on which such breach is known or should reasonably have been known to such entity or associate to have occurred. Knowledge by any person that is an employee, officer or other agent of the entity or associate. Following discovery of a breach of unsecured protected health information, Covered Entity and Business Associate must: Covered Entity must notify the individual. Business Associate must notify the Covered Entity.

17 Security and Notice Requirements Notice to Individual must include: Identification of each individual whose unsecured protected health information has been, or is reasonably believed to have been accessed, acquired, or disclosed during such breach. Brief description of what happened, including the date of the breach and the date of discovery of the breach. Description of the types of unsecured protected health information that were involved. Steps the individual should take to protect themselves from potential harm resulting from the breach. Description of what the covered entity involved is doing to investigate the breach, to mitigate losses, and to protect against any further breaches. Contact procedures for individuals to ask questions or learn additional information.

18 Security and Notice Requirements Notice to the Secretary by Covered Entities: For breaches impacting 500 or more individuals, notify the Secretary immediately. For breaches impacting fewer than 500 individuals, maintain a log and notify the Secretary annually by submitting such log.

19 Security and Notice Requirements Notice Process Notice Timing: Notice must be made without unreasonable delay and in no case later than 60 calendar days after discovery of a breach. Delay allowed if a law enforcement official determines that a notification, notice or posting would impede a criminal investigation or cause damage to national security. Methods of Notice: Written notification by first class mail to individual. Substitute notice process for insufficient or out of date contact information. Media notice information for 500 individuals or more.

20 Polling Question Have you reviewed the Administrative, Technical, & Physical Safeguards and addressed each rule?

21 Next Steps Covered Entities should evaluate what entities serve to exchange health information or serve as Personal Health Records Covered Entities should evaluate their current business associate agreements and draft revised language Business Associates (new BAs) should evaluate current processes and perform a risk assessment under the Security Regulations Implement HIPAA Security Safeguards

22 Thank You Michele Madison Partner, Healthcare Morris, Manning & Martin, LLP This presentation is provided as a general informational service to clients and friends of Morris, Manning & Martin, LLP. It should not be construed as, and does not constitute, legal advice on any specific matter, nor does this message create an attorney-client relationship. These materials may be considered Attorney Advertising in some states. Please note, prior results discussed in the material do not guarantee similar outcomes.

23 Compliance +, LLC


26 Polling Question Do you have processes and procedures in place to address the handling, reporting, and logging PHI?

27 What do you need? The following list is from an actual BA of one of my clients. It illustrates the length that this BA has gone in order to protect themselves and ultimately their clients' patients' PHI. There is value in being a trusted BA by implementing the proper protections for your clients' patients' PHI.

28 Policies & Procedures Policy General HIPAA Compliance Policy Policies and Procedures Policy Documentation Policy Documentation Retention Policy Documentation Availability Policy Documentation Updating Policy HHS HIPAA Investigations Policy Breach Notification Policy Privacy Officer Policy HIPAA State Law Preemption Policy Procedure Developing or Changing Policy or Procedure Data Destruction Procedure Accountability of Disclosures Procedure Escalating and Handling HHS HIPAA Investigation and other Third Party Requests Security and Privacy Incident Response Plan

29 Policies & Procedures Policy HIPAA Training Policy PHI Uses and Disclosures Policy Patient Rights Policy Privacy Complaints Policy Risk Management Process Policy Risk Analysis Policy Risk Management Implementation Policy Procedure Access Request Escalation and Handling Procedures Complaints Escalation and Handling Procedure Sanction Policy Information Systems Activity Review Policy Assignment of Security Responsibility Policy

30 Policies & Procedures Policy Authorization and Supervision Policy Procedure Access Screening Policy Access Termination Policy Access Authorization Policy Access Establishment and Modification Policy Security Reminders Policy Malware Protection Policy Log In Monitoring Policy Password Management Policy Security Incident Procedures

31 Policies & Procedures Policy Procedure Data Backup Plan Disaster Recovery Plan Emergency Mode Operations Plan Testing & Revision Procedures A&D Criticality Analysis Policy Evaluation Policy Business Associates Policy Contingency Operations Policy Facility Security Plan Access Control & Validation Procedures

32 Policies & Procedures Policy Maintenance Records Policy Procedure Workstation Use Policy Workstation Security Policy Media Disposal Policy Media Re Use Policy Hardware & Media Accountability Policy Data Backup & Storage Policy Unique User ID Policy Emergency Access Procedures Automatic Log Off Policy

33 Policies & Procedures Policy Encryption & Decryption Policy Audit Controls Policy Integrity Controls Policy Person or Entity Authentication Policy Procedure Integrity Controls Procedure Postal Communications Containing PHI Policy

34 Confused? Where to start? Diagram workflows and PHI processing Diagram network Examine for threats, vulnerabilities, risks Document access Document all with P&P Monitor and adjust compliance

35 Notes A Covered Entity may request copies of your P&P. A Covered Entity will require a signed BA Agreement. The new BA agreements make you responsible rather than passing it off to the CE. Protect the PHI!

36 Thank you Paige Joyner Compliance +, LLC

37 BA Perspective The IT Support Provider who Informs & Protects

38 Polling Question If you are a Business Associate do you: Transmit Health Records Store Health Records Have Access to Health Records

39 Why BlueWave Became HIPAA Compliant Realized Responsibility PHI our engineers can access through the network (Access) Patient Data that rests in our Data Center (Store) BlueWave Data Center Hosted Over 100 servers in our data center that hold PHI Patient Data backed up by our Disaster Recovery program (Transfer)

40 BlueWave's HIPAA To-Do List Privacy Manuals (All) Security Manuals (Electronic Access) Workforce Training (All) Administrative, Physical & Technical Safeguards (Electronic Access) Vulnerability Test (Electronic Access) Network Diagram (Electronic Access) Network Asset List (Electronic Access) Work Plan (Electronic Access) Business Associate Checklist (Share PHI with Subcontractors) LOCK IT DOWN PROTECT THE PHI

41 Why? 23% of breaches involve a BA 12 of the Largest Breaches involved a BA 8 of the CEs in the largest breaches, modified or terminated their relationship with the BA Reputation Loss All clients get fined if the PHI is not secure Fines for BlueWave Become the Trusted Resource for IT Support BIGGEST REASON Protect the Practices & their patients

42 Facts 330 major healthcare breaches affecting 11.8 million individuals. 23% of those involved BA = over 2.7 million Business Associates are the biggest vulnerability to a CE because they are not prepared If a breach occurs the CE name is listed along with the BA Emergency Healthcare Physicians, Ltd. State: Illinois Business Associate Involved: Millennium Medical Management Resources, Inc. Approx. # of Individuals Affected: 180,111 Date of Breach: 2/27/10 Type of Breach: Theft Location of Breached Information: Portable Electronic Device, Other

43 Lessons From Other BAs KPMG Lost an unencrypted flash drive affecting more than 4,500 patient records. Their client New Jersey Healthcare System. Breach affected 2 facilities: 3,630 patients at Saint Barnabas Medical Center 965 patients at Newark Beth Israel Medical Center Note: 8 months later KPMG was awarded a $9.3 million contract to do 150 random audits on practices and business associates.

44 Lessons From Other BAs Heritage Health Solutions - An unencrypted laptop belonging to VA contractor Heritage Health Solutions was stolen from a vehicle, compromising the records of more than 600 veterans. Heritage Health Solutions has 69 contracts with VA 25 of those don't have clauses requiring personal data to be encrypted Booz Allen The group hired to make a list of all covered entities and business associates has been the target of a hacking group called Anonymous. The information hacked included 90,000 military e-mail addresses and password hashes.

45 Lessons From Other BAs Dentaquest A laptop was stolen out of the trunk of the subcontractor's vehicle. The computer was password protected, but did not have any other safeguards to prevent unauthorized access to the information. IBM 9 servers disappeared out of the data center. The data held nearly 2 million records. To make matters worse, the CE, Healthnet, waited 2 months to report it. Archive Data Solutions aka Iron Mountain - South Shore said it shipped the backup files to the then unnamed contractor but was informed months later that only a fraction of the boxes were received.

46 Lessons From Other BAs Computer Program & Systems, Inc. (CPSI) Someone gained unauthorized access into the system. 763 records were compromised. Provides IT support to rural hospitals in Texas and has a host of IT services including: Hosted/Cloud Services Disaster Recovery Collaboration & Connectivity Systems Management Security Services

47 Lessons From Other BAs Rick Lawson, Professional Computer Services (IC) Hacking compromised 2,000 records at his client's site Is now listed as the CIO for Professional Consulting & Technical Services where he states his strengths are: Advanced network monitoring, auditing, security, and intrusion detection and alerting. Custom security solutions for VPN and remote access. HIPAA-compliant medical and dental practice management. Business Continuity planning, disaster prevention and recovery. Virus and malware prevention and removal, plus data recovery services.

48 What Do These Have in Common? All breaches could have been prevented if they had a HIPAA Program in place. All of them positioned themselves as healthcare & HIPAA experts on their website. If you have not verified your BA's HIPAA Compliance these can affect you. Each one of these breaches compromised over 500 PHI records.

49 Feedback from BAs I have called on for my clients 80% told me they were compliant until they got stuck on some questions. Others Said: This is very Invasive It is a huge Expense during hard economic times It is Minor in the realm of government regulations It is Un-enforced/Un-enforceable Not applicable to me

50 Must Educate BAs They were never informed by the government that they had to do this. Most will get defensive/argumentative must have tough skin. You must educate them on the HITECH law & HIPAA rules. You must be up-to-date on the legislative changes affecting healthcare. Must understand that this is an expense to them they will probably not change unless they have multiple clients demanding this.

51 Who are Your BAs? Anyone who stores, transmits or accesses PHI on your network.

52 HIPAA is Not an Annual Check-off Unlike some regulatory compliance programs, HIPAA is not just a one time or annual check off list. Business Associates have to change the way they do business on a daily basis.

53 Example of What BlueWave Has Done Regarding IT Support: Web Portal with Pictures of Engineering Team Password Vault Workforce Training Workforce Clearance Termination Procedures ACCESS to PHI

54 Example of What BlueWave Has Done Regarding Cloud Computing Finger Print Scanning Iris Scanning 2 layers of Security Personnel Encryption at Firewall Level Only 3 engineers with physical access to the cage Password Vault VPN Tunnel Backed up to Phoenix Data Center Stored PHI

55 Example of What BlueWave Has Done Regarding Disaster Recovery Use Same Data Facilities Backed up to Encrypted Server Backed up online to secure data centers in Atlanta & Phoenix Bi-Annual Testing Option Server & Desktop DR Capabilities PHI in Transit

56 Example of What BlueWave Has Done Consistent Access Logging: Client can pull reports on: Date Accessed Who Accessed Type of Issue What was done Clients can pull these reports from this month to up to the entire length of their contract Network Diagram Asset Inventory LOGGING REPORTS

57 A Business Associate Agreement is Not Enough MUST VERIFY Get a copy of their Policies and Procedures Ask specific questions on how they are going to service your account Find out if they store their information elsewhere and if they have had that audited Ask specific safeguard questions Ask about any subcontractors that have access to your practice's PHI

58 Be Wary of BAs Who: Fight you on this Want to do the minimum necessary to get compliant You Need a BA Who You Can: Trust they will protect your patients' PHI. Trust they are knowledgeable enough to know how to protect the PHI. Trust they are serious about protecting PHI. Trust they are going to maintain the PHI. Is willing to prove all the above.

59 Example of What BlueWave Has Done Packaged the Compliance Program we performed internally to help protect Covered Entities & their Business Associates. Became part of the solution rather than an obstacle.

60 Form a Team to Protect PHI As you call your BAs, you are going to find a lot of kickback. Other practice managers are going through the same thing. For this reason it is important to: Keep a list of those who are compliant. Share that list with other practice managers. Share the list with BlueWave. Next year we will post it on our website.

61 Polling Questions BlueWave is putting together a formal list of Business Associates who meet the compliance requirements. If you would like to be informed of who met the qualifications, please check yes here. If you would like to add your own business associates who meet the criteria to the list, please check yes here.

62 Thank you Deborah Frazier BlueWave Computing

63 Privacy, Security & Disaster Recovery Committee About the Healthcare Solutions Resource Forum (HSRF) Created by Dr. Paige Joyner of Compliance + and Deborah Frazier of BlueWave Computing, the Healthcare Solutions Resource Forum (HSRF) is a flagship program designed to bring together prominent thinkers from various disciplines with healthcare executives in order to identify the impact of legislative changes in the areas of technology, operations and finance. The concept of the HSRF was born out of the realization that the healthcare industry is under more pressure than ever before to meet legislative changes, yet the information is so scattered and unclear. By combining the knowledge of experts in various disciplines, members can assimilate information to form clear solutions and address legislative changes. Together we believe we can have a positive impact on the healthcare community, whereas on our own we can only impact our small part of the world.

64 Polling Question The Healthcare Solutions Resource Forum will be sending out a survey to all of those who registered for this function. Upon returning the survey you will be entered into a drawing for a $100 AMEX gift certificate. The purpose of the survey is to find out what other topics you might be interested in. In addition, you will have an opportunity to request a 15 minute consultation with any of the speakers on this call. The winner will be announced to all participants at the end of the business day. If you would like to be entered into the drawing, please check if you would like to be contacted by or phone.

65 For More Information on the Healthcare Solutions Resource Forum


What Health Care Entities Need to Know about HIPAA and the American Recovery and Reinvestment Act What Health Care Entities Need to Know about HIPAA and the American Recovery and Reinvestment Act by Lane W. Staines and Cheri D. Green On February 17, 2009, The American Recovery and Reinvestment Act

More information

HIPAA SECURITY RISK ASSESSMENT SMALL PHYSICIAN PRACTICE

HIPAA SECURITY RISK ASSESSMENT SMALL PHYSICIAN PRACTICE HIPAA SECURITY RISK ASSESSMENT SMALL PHYSICIAN PRACTICE How to Use this Assessment The following risk assessment provides you with a series of questions to help you prioritize the development and implementation

More information

6/17/2013 PRESENTED BY: Updates on HIPAA, Data, IT and Security Technology. June 25, 2013

6/17/2013 PRESENTED BY: Updates on HIPAA, Data, IT and Security Technology. June 25, 2013 Updates on HIPAA, Data, IT and Security Technology June 25, 2013 1 The material appearing in this presentation is for informational purposes only and should not be construed as advice of any kind, including,

More information

Compliance Challenges. Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) Member, FBI InfraGard. Increased Audits & On-site Investigations

Compliance Challenges. Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) Member, FBI InfraGard. Increased Audits & On-site Investigations Enabling a HITECH & HIPAA Compliant Organization: Addressing Meaningful Use Mandates & Ensuring Audit Readiness Ali Pabrai, MSEE, CISSP (ISSMP, ISSAP) Member, FBI InfraGard Compliance Mandates Increased

More information

What s New with HIPAA? Policy and Enforcement Update

What s New with HIPAA? Policy and Enforcement Update What s New with HIPAA? Policy and Enforcement Update HHS Office for Civil Rights New Initiatives Precision Medicine Initiative (PMI), including Access Guidance Cybersecurity Developer portal NICS Final

More information

Lessons Learned from Recent HIPAA and Big Data Breaches. Briar Andresen Katie Ilten Ann Ladd

Lessons Learned from Recent HIPAA and Big Data Breaches. Briar Andresen Katie Ilten Ann Ladd Lessons Learned from Recent HIPAA and Big Data Breaches Briar Andresen Katie Ilten Ann Ladd Recent health care breaches Breach reports to OCR as of February 2015 1,144 breaches involving 500 or more individual

More information

HIPAA Breach Notification Interim Final Rule

HIPAA Breach Notification Interim Final Rule HIPAA Breach Notification Interim Final Rule The American Recovery and Reinvestment Act of 2009 ( the Act ) made several changes to the HIPAA privacy rules including adding a requirement for notice to

More information

The Basics of HIPAA Privacy and Security and HITECH

The Basics of HIPAA Privacy and Security and HITECH The Basics of HIPAA Privacy and Security and HITECH Protecting Patient Privacy Disclaimer The content of this webinar is to introduce the principles associated with HIPAA and HITECH regulations and is

More information

Protecting Patient Information in an Electronic Environment- New HIPAA Requirements

Protecting Patient Information in an Electronic Environment- New HIPAA Requirements Protecting Patient Information in an Electronic Environment- New HIPAA Requirements SD Dental Association Holly Arends, RHIT Clinical Program Manager Meet the Speaker TRUST OBJECTIVES Overview of HIPAA

More information

Data Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, 2014 2:15pm 3:30pm

Data Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, 2014 2:15pm 3:30pm Electronic Health Records: Data Security and Integrity of e-phi Worcester, MA Wednesday, 2:15pm 3:30pm Agenda Introduction Learning Objectives Overview of HIPAA HIPAA: Privacy and Security HIPAA: The Security

More information

Healthcare Compliance Solutions

Healthcare Compliance Solutions Healthcare Compliance Solutions Let Protected Trust be your Safe Harbor In the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH), the U.S. Department of Health and Human

More information

The Impact of HIPAA and HITECH

The Impact of HIPAA and HITECH The Health Insurance Portability & Accountability Act (HIPAA), enacted 8/21/96, was created to protect the use, storage and transmission of patients healthcare information. This protects all forms of patients

More information

M E M O R A N D U M. Definitions

M E M O R A N D U M. Definitions M E M O R A N D U M DATE: November 10, 2011 TO: FROM: RE: Krevolin & Horst, LLC HIPAA Obligations of Business Associates In connection with the launch of your hosted application service focused on practice

More information

Data Breach, Electronic Health Records and Healthcare Reform

Data Breach, Electronic Health Records and Healthcare Reform Data Breach, Electronic Health Records and Healthcare Reform (This presentation is for informational purposes only and it is not intended, and should not be relied upon, as legal advice.) Overview of HIPAA

More information

HIPAA Privacy Breach Notification Regulations

HIPAA Privacy Breach Notification Regulations Technical Bulletin Issue 8 2009 HIPAA Privacy Breach Notification Regulations On August 24, 2009 Health and Human Services (HHS) issued interim final regulations implementing the HIPAA Privacy Breach Notification

More information

HIPAA Privacy & Breach Notification Training for System Administration Business Associates

HIPAA Privacy & Breach Notification Training for System Administration Business Associates HIPAA Privacy & Breach Notification Training for System Administration Business Associates Barbara M. Holthaus privacyofficer@utsystem.edu Office of General Counsel University of Texas System April 10,

More information

Trust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits

Trust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits HIPAA Breaches, Security Risk Analysis, and Audits Derrick Hill Senior Health IT Advisor Kentucky REC Why Does Privacy and Security Matter? Trust Who Must Comply with HIPAA Rules? Covered Entities (CE)

More information

Appendix 4-2: Sample HIPAA Security Risk Assessment For a Small Physician Practice

Appendix 4-2: Sample HIPAA Security Risk Assessment For a Small Physician Practice Appendix 4-2: Administrative, Physical, and Technical Safeguards Breach Notification Rule How Use this Assessment The following sample risk assessment provides you with a series of sample questions help

More information

Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know

Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know Note: Information provided to NCRA by Melodi Gates, Associate with Patton Boggs, LLC Privacy and data protection

More information

HIPAA/HITECH PRIVACY & SECURITY CHECKLIST SELF ASSESSMENT INSTRUCTIONS

HIPAA/HITECH PRIVACY & SECURITY CHECKLIST SELF ASSESSMENT INSTRUCTIONS HIPAA/HITECH PRIVACY & SECURITY CHECKLIST SELF ASSESSMENT INSTRUCTIONS Thank you for taking the time to fill out the privacy & security checklist. Once completed, this checklist will help us get a better

More information

VMware vcloud Air HIPAA Matrix

VMware vcloud Air HIPAA Matrix goes to great lengths to ensure the security and availability of vcloud Air services. In this effort VMware has completed an independent third party examination of vcloud Air against applicable regulatory

More information

What do you need to know?

What do you need to know? What do you need to know? DISCLAIMER Please note that the information provided is to inform our clients and friends of recent HIPAA and HITECH act developments. It is not intended, nor should it be used,

More information

Everett School Employee Benefit Trust. Reportable Breach Notification Policy HIPAA HITECH Rules and Washington State Law

Everett School Employee Benefit Trust. Reportable Breach Notification Policy HIPAA HITECH Rules and Washington State Law Everett School Employee Benefit Trust Reportable Breach Notification Policy HIPAA HITECH Rules and Washington State Law Introduction The Everett School Employee Benefit Trust ( Trust ) adopts this policy

More information

Business Associates, HITECH & the Omnibus HIPAA Final Rule

Business Associates, HITECH & the Omnibus HIPAA Final Rule Business Associates, HITECH & the Omnibus HIPAA Final Rule HIPAA Omnibus Final Rule Changes Business Associates Marissa Gordon-Nguyen, JD, MPH Health Information Privacy Specialist Office for Civil Rights/HHS

More information

New HIPAA Rules and EHRs: ARRA & Breach Notification

New HIPAA Rules and EHRs: ARRA & Breach Notification New HIPAA Rules and EHRs: ARRA & Breach Notification Jim Sheldon-Dean Director of Compliance Services Lewis Creek Systems, LLC www.lewiscreeksystems.com and Raj Goel Chief Technology Officer Brainlink

More information

HIPAA compliance audit: Lessons learned apply to dental practices

HIPAA compliance audit: Lessons learned apply to dental practices HIPAA compliance audit: Lessons learned apply to dental practices Executive summary In 2013, the Health Insurance Portability and Accountability Act (HIPAA) of 1996 Omnibus Rule put healthcare providers

More information

Nationwide Review of CMS s HIPAA Oversight. Brian C. Johnson, CPA, CISA. Wednesday, January 19, 2011

Nationwide Review of CMS s HIPAA Oversight. Brian C. Johnson, CPA, CISA. Wednesday, January 19, 2011 Nationwide Review of CMS s HIPAA Oversight Brian C. Johnson, CPA, CISA Wednesday, January 19, 2011 1 WHAT I DO Manage Region IV IT Audit and Advance Audit Technique Staff (AATS) IT Audit consists of 8

More information

What You Need to Know About the New HIPAA Breach Notification Rule 1

What You Need to Know About the New HIPAA Breach Notification Rule 1 What You Need to Know About the New HIPAA Breach Notification Rule 1 New regulations effective September 23, 2009 require all physicians who are covered by HIPAA to notify patients if there are breaches

More information

New HIPAA Breach Notification Rule: Know Your Responsibilities. Loudoun Medical Group Spring 2010

New HIPAA Breach Notification Rule: Know Your Responsibilities. Loudoun Medical Group Spring 2010 New HIPAA Breach Notification Rule: Know Your Responsibilities Loudoun Medical Group Spring 2010 Health Information Technology for Economic and Clinical Health Act (HITECH) As part of the Recovery Act,

More information

HIPAA MYTHS: DON T ALWAYS BELIEVE WHAT YOU HEAR. Chris Apgar, CISSP

HIPAA MYTHS: DON T ALWAYS BELIEVE WHAT YOU HEAR. Chris Apgar, CISSP HIPAA MYTHS: DON T ALWAYS BELIEVE WHAT YOU HEAR Chris Apgar, CISSP 2015 OVERVIEW Missed Regulatory Requirements Common HIPAA Privacy Myths Common HIPAA Security Myths Other Related Myths Finding the Right

More information

HIPAA/HITECH: A Guide for IT Service Providers

HIPAA/HITECH: A Guide for IT Service Providers HIPAA/HITECH: A Guide for IT Service Providers Much like Arthur Dent in the opening scene of The Hitchhiker s Guide to the Galaxy (HHGTTG), you re experiencing the impact of new legislation that s infringing

More information

CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy

CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy CREATIVE SOLUTIONS IN HEALTHCARE, INC. Privacy Policy Amended as of February 12, 2010 on the authority of the HIPAA Privacy Officer for Creative Solutions in Healthcare, Inc. TABLE OF CONTENTS ARTICLE

More information

HIPAA 101. March 18, 2015 Webinar

HIPAA 101. March 18, 2015 Webinar HIPAA 101 March 18, 2015 Webinar Agenda Acronyms to Know HIPAA Basics What is HIPAA and to whom does it apply? What is protected by HIPAA? Privacy Rule Security Rule HITECH Basics Breaches and Responses

More information

HIPAA Information Security Overview

HIPAA Information Security Overview HIPAA Information Security Overview Security Overview HIPAA Security Regulations establish safeguards for protected health information (PHI) in electronic format. The security rules apply to PHI that is

More information

HIPAA COMPLIANCE AND DATA PROTECTION. sales@eaglenetworks.it +39 030 201.08.25 Page 1

HIPAA COMPLIANCE AND DATA PROTECTION. sales@eaglenetworks.it +39 030 201.08.25 Page 1 HIPAA COMPLIANCE AND DATA PROTECTION sales@eaglenetworks.it +39 030 201.08.25 Page 1 CONTENTS Introduction..... 3 The HIPAA Security Rule... 4 The HIPAA Omnibus Rule... 6 HIPAA Compliance and EagleHeaps

More information

HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant

HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant 1 HIPAA: Understanding The Omnibus Rule and Keeping Your Business Compliant Introduction U.S. healthcare laws intended to protect patient information (Protected Health Information or PHI) and the myriad

More information

Data Security Breaches: Learn more about two new regulations and how to help reduce your risks

Data Security Breaches: Learn more about two new regulations and how to help reduce your risks Data Security Breaches: Learn more about two new regulations and how to help reduce your risks By Susan Salpeter, Vice President, Zurich Healthcare Risk Management News stories about data security breaches

More information

HIPAA Compliance The Time is Now Changes on the Horizon: The Final Regulations on Privacy and Security. May 7, 2013

HIPAA Compliance The Time is Now Changes on the Horizon: The Final Regulations on Privacy and Security. May 7, 2013 HIPAA Compliance The Time is Now Changes on the Horizon: The Final Regulations on Privacy and Security May 7, 2013 Presenters James Clay President Employee Benefits & HR Consulting The Miller Group jimc@millercares.com

More information

HIPAA Audits: How to Be Prepared. Lindsey Wiley, MHA, CHTS-IM, CHTS-TS HIT Manager Oklahoma Foundation for Medical Quality

HIPAA Audits: How to Be Prepared. Lindsey Wiley, MHA, CHTS-IM, CHTS-TS HIT Manager Oklahoma Foundation for Medical Quality HIPAA Audits: How to Be Prepared Lindsey Wiley, MHA, CHTS-IM, CHTS-TS HIT Manager Oklahoma Foundation for Medical Quality An Important Reminder For audio, you must use your phone: Step 1: Call (866) 906-0123.

More information

Can Your Diocese Afford to Fail a HIPAA Audit?

Can Your Diocese Afford to Fail a HIPAA Audit? Can Your Diocese Afford to Fail a HIPAA Audit? PETULA WORKMAN & PHIL BUSHNELL MAY 2016 2016 ARTHUR J. GALLAGHER & CO. BUSINESS WITHOUT BARRIERS Agenda Overview Privacy Security Breach Notification Miscellaneous

More information

Art Gross President & CEO HIPAA Secure Now! How to Prepare for the 2015 HIPAA Audits and Avoid Data Breaches

Art Gross President & CEO HIPAA Secure Now! How to Prepare for the 2015 HIPAA Audits and Avoid Data Breaches Art Gross President & CEO HIPAA Secure Now! How to Prepare for the 2015 HIPAA Audits and Avoid Data Breaches Speakers Phillip Long CEO at Business Information Solutions Art Gross President & CEO of HIPAA

More information

Top Ten Technology Risks Facing Colleges and Universities

Top Ten Technology Risks Facing Colleges and Universities Top Ten Technology Risks Facing Colleges and Universities Chris Watson, MBA, CISA, CRISC Manager, Internal Audit and Risk Advisory Services cwatson@schneiderdowns.com April 23, 2012 Overview Technology

More information

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics

HIPAA Security. 2 Security Standards: Administrative Safeguards. Security Topics HIPAA Security SERIES Security Topics 1. Security 101 for Covered Entities 5. 2. Security Standards - Organizational, Security Policies Standards & Procedures, - Administrative and Documentation Safeguards

More information

Am I a Business Associate? Do I want to be a Business Associate? What are my obligations?

Am I a Business Associate? Do I want to be a Business Associate? What are my obligations? Am I a Business Associate? Do I want to be a Business Associate? What are my obligations? Brought to you by Winston & Strawn s Health Care Practice Group 2013 Winston & Strawn LLP Today s elunch Presenters

More information

Business Associates and HIPAA

Business Associates and HIPAA Business Associates and HIPAA What BAs need to know to comply with HIPAA privacy and security rules by Dom Nicastro White paper The lax days of complying with privacy and security laws are over for business

More information

My Docs Online HIPAA Compliance

My Docs Online HIPAA Compliance My Docs Online HIPAA Compliance Updated 10/02/2013 Using My Docs Online in a HIPAA compliant fashion depends on following proper usage guidelines, which can vary based on a particular use, but have several

More information

MIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)

MIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10) MIT s Information Security Program for Protecting Personal Information Requiring Notification (Revision date: 2/26/10) Table of Contents 1. Program Summary... 3 2. Definitions... 4 2.1 Identity Theft...

More information

HIPAA PRIVACY AND SECURITY AWARENESS

HIPAA PRIVACY AND SECURITY AWARENESS HIPAA PRIVACY AND SECURITY AWARENESS Introduction The Health Insurance Portability and Accountability Act (known as HIPAA) was enacted by Congress in 1996. HIPAA serves three main purposes: To protect

More information

Joseph Suchocki HIPAA Compliance 2015

Joseph Suchocki HIPAA Compliance 2015 Joseph Suchocki HIPAA Compliance 2015 Sponsored by Eagle Associates, Inc. Eagle Associates provides compliance services for over 1,200 practices nation wide. Services provided by Eagle Associates address

More information

HIPAA Privacy, Security, Breach, and Meaningful Use. CHUG October 2012

HIPAA Privacy, Security, Breach, and Meaningful Use. CHUG October 2012 HIPAA Privacy, Security, Breach, and Meaningful Use Practice Requirements for 2012 CHUG October 2012 The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Standards for Privacy of Individually

More information

Please Read. Apgar & Associates, LLC apgarandassoc.com P. O. Box 80278 Portland, OR 97280 503-384-2538 877-376-1981 503-384-2539 Fax

Please Read. Apgar & Associates, LLC apgarandassoc.com P. O. Box 80278 Portland, OR 97280 503-384-2538 877-376-1981 503-384-2539 Fax Please Read This business associate audit questionnaire is part of Apgar & Associates, LLC s healthcare compliance resources, Copyright 2014. This questionnaire should be viewed as a tool to aid in evaluating

More information

Zip It! Feds, State Strengthen Privacy Protection. Practice Management Feature July 2012. Tex Med. 2012;108(7):33-37.

Zip It! Feds, State Strengthen Privacy Protection. Practice Management Feature July 2012. Tex Med. 2012;108(7):33-37. Zip It! Feds, State Strengthen Privacy Protection Practice Management Feature July 2012 Tex Med. 2012;108(7):33-37. By Crystal Conde Associate Editor When it comes to enforcing HIPAA data security and

More information

Health Information Privacy Refresher Training. March 2013

Health Information Privacy Refresher Training. March 2013 Health Information Privacy Refresher Training March 2013 1 Disclosure There are no significant or relevant financial relationships to disclose. 2 Topics for Today State health information privacy law Federal

More information

HIPAA Privacy and Information Security Management Briefing

HIPAA Privacy and Information Security Management Briefing HIPAA Privacy and Information Security Management Briefing Karen Pagliaro-Meyer Privacy Officer kpagliaro@columbia.edu (212) 305-7315 Soumitra Sengupta Information Security Officer sen@columbia.edu (212)

More information

HIPAA Compliance: Efficient Tools to Follow the Rules

HIPAA Compliance: Efficient Tools to Follow the Rules Bank of America Merrill Lynch White Paper HIPAA Compliance: Efficient Tools to Follow the Rules Executive summary Contents The stakes have never been higher for compliance with the Health Insurance Portability

More information

Mobile Medical Devices and BYOD: Latest Legal Threat for Providers

Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Presenting a live 90-minute webinar with interactive Q&A Mobile Medical Devices and BYOD: Latest Legal Threat for Providers Developing a Comprehensive Usage Strategy to Safeguard Health Information and

More information

HIPAA Update Focus on Breach Prevention

HIPAA Update Focus on Breach Prevention HIPAA Update Focus on Breach Prevention Objectives By the end of this program, participants should be able to: Identify top reasons why breaches occur Review the breach definition and notification process

More information

CHIS, Inc. Privacy General Guidelines

CHIS, Inc. Privacy General Guidelines CHIS, Inc. and HIPAA CHIS, Inc. provides services to healthcare facilities and uses certain protected health information (PHI) in connection with performing these services. Therefore, CHIS, Inc. is classified

More information

What is HIPAA? The Health Insurance Portability and Accountability Act of 1996

What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 What is HIPAA? The Health Insurance Portability and Accountability Act of 1996 BASIC QUESTIONS AND ANSWERS What Does HIPAA do? Creates national standards to protect individuals' medical records and other

More information

Greenway Marketplace. Hear from GSG Compliance & White Plume November 14, 2013

Greenway Marketplace. Hear from GSG Compliance & White Plume November 14, 2013 Greenway Marketplace Hear from GSG Compliance & White Plume November 14, 2013 Marketplace Mission Statement To enhance the Greenway customer user experience by offering innovative, forwardthinking technologies

More information

Use & Disclosure of Protected Health Information by Business Associates

Use & Disclosure of Protected Health Information by Business Associates Applicability: Policy Title: Policy Number: Use & Disclosure of Protected Health Information by Business Associates PP-12 Superseded Policy(ies) or Entity Policy: N/A Date Established: January 31, 2003

More information

HIPAA and HITECH Compliance for Cloud Applications

HIPAA and HITECH Compliance for Cloud Applications What Is HIPAA? The healthcare industry is rapidly moving towards increasing use of electronic information systems - including public and private cloud services - to provide electronic protected health

More information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1

More information

HIPAA Myths. WEDI Regional Affiliates. Chris Apgar, CISSP Apgar & Associates

HIPAA Myths. WEDI Regional Affiliates. Chris Apgar, CISSP Apgar & Associates HIPAA Myths WEDI Regional Affiliates Chris Apgar, CISSP Apgar & Associates Overview Missed Regulatory Requirements Common HIPAA Privacy Myths Common HIPAA Security Myths Other Related Myths Finding the

More information